1. Field of the Invention
This invention relates to a method and apparatus for supporting a cooperative activity in a system such as a television conference system wherein a plurality of participants cooperate to perform an activity.
2. Description of the Related Art
In a cooperative activity environment such as a conventional television conference system, control for participation in the cooperative activity and for access to shared information used in the activity is not satisfactory. The reason for this is as follows: In a single-function, special-purpose cooperative activity system, whether or not participation in the conference is allowed or denied to a person depends upon whether use of the television conference equipment can be acquired from his terminal, as in the manner of a telephone. In addition, by using a dedicated line for the conference system, leakage of information to a third party is prevented. In a case where someone participates in a certain cooperative activity, therefore, participation is allowed without requiring a special check to determine whether or not the participation should be permitted. Furthermore, when access is made to information shared in the cooperative activity, access to the information is allowed merely by simple access control.
Access control carried out in a conventional television conference system will be described with reference to a specific example. In this example, whether participation of a new participant (namely a new writer or new editor) in a cooperative editing activity in a stand-alone computer is allowed or denied is decided based upon static information using a conventional technique similar to that of access control in a UNIX file system. That is, in the access control described here, whether or not participation is allowed is decided based upon the access attributes of shared data to be edited.
First, in order to simplify the description, a name is given to the object of processing. For example, let the cooperative editing activity be "Cooperative Editing #302" and let a new participant be "Participant #46". Each cooperative editing activity has the attribute of the owner, just as in the case of UNIX file system. Similarly, the activity possesses access control attributes classified into three relationships, namely (1) user, (2) group and (3) other, and each has data representing (a) executable, (b) writable and (c) readable or data which is a combination of these data.
Under these settings, processing executed when "Participant #46" requests participation in "Cooperative Editing #302" is as follows:
First, the owner attributes of "Participant #46" and of "Cooperative Editing #302" are compared and it is determined whether the relationship is (1), (2) or (3) above. Next, the access control attribute relevant to this relationship is extracted and whether or not the participation request is allowed is decided based upon this attribute. For example, if "(a) executable" has been designated for the extracted control attribute, then participation becomes possible. In case of other attributes, however, it is decided that participation is not allowed. This is capable of being decided statically irrespective of the status of execution. Such access control processing is executed as part of system call processing of a UNIX operating system in a case where a UNIX file system is accessed, by way of example. In case of the cooperative editing activity described here, the access control processing is incorporated in cooperative activity software for the purpose of carrying out the cooperative editing activity, or an independent dedicated access control unit is prepared and processing is executed. Further, in case of UNIX or the like, access control for accessing a file in a file system and control of participation in a session such as log-in is managed based upon different frameworks. More specifically, with regard to accessing of a file, a decision is made upon referring to access permission set file by file. With regard to log-in, the decision is rendered upon referring to the content of a file "/etc/password".
Moreover, these decisions are rendered statically based upon file access permission or file content and status at the time of execution is not taken into consideration.
The recent popularization of high-performance computers connected by a high-speed network and the development of distributed computing software have made it possible to use a plurality of computers to perform a cooperative activity by a group comprising a plurality of individuals. Under these conditions, control for allowing or denying participation of each participant in a cooperative activity and for accessing information used therein is an important requirement in terms of carrying out the cooperative activity. In other words, in the prior art, access control is performed with regard to static information. However, in a case where a plurality of participants take part in a cooperative activity, it is necessary to carry out control for access to dynamic information for executing a program in the cooperative activity or participating therein. If the foregoing cannot be controlled properly and put to use in the cooperative activity, the progress of the cooperative activity will be impeded. The actual problems that arise when access control in a cooperative activity is not performed correctly are as follows:
(1) a decline in service caused by acceptance of more participants than the capacity for the processing; PA1 (2) leakage of confidential information; and PA1 (3) failure of the cooperative activity because of improper quantities of information.